Support

Admin Tools

#9815 Enable Bad Behavior AND Project Honeypot BL

Posted in ‘Admin Tools for Joomla! 4 & 5’
This is a public ticket

Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.

Environment Information

Joomla! version
n/a
PHP version
n/a
Admin Tools version
n/a

Latest post by nicholas on Sunday, 03 April 2011 17:17 CDT

Saturday, 02 April 2011 07:36 CDT

user32688
The Project Honeypot implementation list includes Bad Behavior as one that uses the PH BL service. Am I causing unnecessary site overhead by enabling Bad Behavior and also providing a PH HTTP:BL key? Is there any additional benefit/protection provided by having both services enabled?

Regards,
Ed

Saturday, 02 April 2011 16:36 CDT

nicholas
The Bad Behavior feature is an integration of the same-named third party library which tries to analyse the inbound HTTP traffic to your site and figure out potential spammer, cracker or spambot attacks. It does cause some overhead, as each inbound request has to be analysed by the library.

Providing a PH:BL key will allow your site to determine if a visitor is a known hacker or spammer and deny him access to your site. In order to do that, a DNS query has to be performed on each inbound request. Most likely your host does cache these DNS queries' results so there is minimal overhead.

Unless you have a very serious spammer issue on your site, I'd suggest turning the Bad Behavior feature off.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Sunday, 03 April 2011 08:23 CDT

user32688
Nicolas,

Thanks for the quick response. That clears things up a bit, but I guess my real question, which was not articulated very well, is since it appears that Bad Behavior accesses http:BL in the process of analysing each request, is there any benefit to using the http:BL key when Bad Behavior IS enabled?

I say that Bad Behavior access http:BL because they are listed as a software author who has implemented that service in their product.

Thanks again,
Ed

Sunday, 03 April 2011 17:17 CDT

nicholas
Actually, yes. Bad Behavior by itself uses a heuristics system to analyse the inbound request. HTTP:BL, on the other hand, checks the IP address of the inbound request against a global database of known attackers. The idea is that if someone is on the black list, we shouldn't bother serving his request at all. So, the workflow is: check the HTTP:BL database using a DNS query, if the IP address shows a known attacker immediately deny the request, otherwise proceed with the heuristics. IMHO, if you're going to be using Bad Behavior integration it's worth the overhead.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Support Information

Working hours: We are open Monday to Friday, 9am to 7pm Cyprus timezone (EET / EEST). Support is provided by the same developers writing the software, all of which live in Europe. You can still file tickets outside of our working hours, but we cannot respond to them until we're back at the office.

Support policy: We would like to kindly inform you that when using our support you have already agreed to the Support Policy which is part of our Terms of Service. Thank you for your understanding and for helping us help you!